Over the past 4 weeks we have been receiving a huge amount of bot traffic (40%+ of total traffic), totally skewing our analytics module and god knows what else. The traffic seems to be coming from the same 4 locations (Ashburn, Dublin, Frankfurt and London), all through Proxy servers, all at the same 4 times of day. I have tried redirecting based on location for the 3 cities we don’t currently sell to, but it doesn’t seem to have deterred them from coming back and, since they still count as visitors, my metrics are still skewed. The traffic is all direct so isn’t click fruad and doesn’t appear in Google Analytics because the pages aren’t being rendered. I can only assume it’s some sort of price crawler. Any advice on how I can tackle this? I have contacted Shopify who have said there is nothing they can do on there end and have seen a disheartening number of posts on this forum bemoaning the same problem, but few solutions.
We’re bemoaning the bots too. It’s a disaster. We’ve had to shut down several product releases due to getting hit by bots and them cleaning out all our inventory in under a minute. Real customers now have to email us and then we send a separate purchase invoice to them since there’s no solution from Shopify except to get Shopify Plus which is not viable for a small shop. Fail.
We have the same issue, I noticed it towards the end of July, same 4 cities, same times of day (5am, 9am, 12pm 8pm), like clockwork. Please let me know if you get a resolution to this, will get in touch with Shopify too.
Copy of post from related thread:
Same sort of issues here. Hundreds to thousands of fake customers being created and “abandoning their carts”. We get a couple batches every day. I’ve tried support multiple times and they admit this is a known issue that shopify developers are working on. Then they suggested anti-fraud 3rd party apps, but when i’ve tried those and talked to those app developers, the common issue is that they only work with Shopify Plus stores because they need access to the checkouts.liquid file in order to inject protection. Without access to this liquid file, it also appears that manually implementing a honeypot is not an option.
After a couple rounds with this, it was suggested that I try IP or country blocking apps, however, when I asked how I could determine the offending IPs or even countries, shopify support told me that data was not available to us for customers, but only if they successfully completed an order. Strike two.
These fake customers and cart abandons are causing havoc in our analytics and because we integrate with hubspot I am having to manually purge batches of contacts and deals from there to avoid those analytics being ruined.
Looking around in this community hub, there are related conversations going back at least 2 years. Seems like this issue needs some additional prioritization attention!